Tomcat 6 with APR connector setup for RapidSSL digital certificate

Trying to configure Tomcat 6 to use a Digital Certificate from RapidSSL, e.g. NOT a self-signed certificate that I have got working successfully as a test.

The Tomcat 6 server uses the APR connector. Tomcat docs state that the keystore cannot be used with APR and that setup requires using the parameters:

SSLCertificateFile and SSLCertificateKeyFile.

The SSLCertificateFile is ok as that is the certificate from RapidSSL. I also gather that Tomcat parameter SSLCertificateChainFile should be used to point to the Intermediate file from RapidSSL (GeoTrust).

But trying t开发者_如何转开发o understand exactly what should be referenced by SSLCertificateKeyFile as that is not something that I got from RapidSSL.

As I understand it, you have to generate a private key with OpenSSL (or mod_ssl). Open the cmd, go to the bin directory of OpenSSL an use openssl -req -new -out [path for request] -keyout [path for key]. For the key you use .pem as ending.

I'm not sure, whether or not you have to generate the request in combination with the key, but I think so. But you can try OpenSSL: openssl -req -new -keyout [path for key]; maybe that's enough.

Then use the .pem as SSLCertificateKeyFile.

If this doesn't work, you may search for "import certificates into the keystore" or such. Else try to use JSSE, if this is an option, importing certificates should be easier for it.

When you originally got the certificate from RapidSSL did you follow any of these instruction sets to generate a CSR (certificate signing request)?

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO6506

If so, the first step in each one should be to generate a private key and save it to a file. That private key file you created is what you need to use for the SSLCertificateKeyFile parameter. Make sure that file is locked down!